[htdig] crypted passwords in openldap


kai.krebber@syseca.de
Mon, 25 Oct 1999 10:14:47 +0200


Hi, everybody!

As far as I know, OpenLDAP doesn't support LDAP over SSL (yet). To still
establish a kind of security, it seems to support storing of encrypted
passwords.

I experimented a bit with the ldappasswd without success:

Trying to set a password for a person in my little LDAP database that
didn't have the attribute "userPassword" yet brought no errors while
executing the ldappasswd command (it prompted me twice for the password
that I entered in cleartext). However, no password (neither encrypted nor
cleartext) showed up with an ldapsearch for that person.
Trying to change a userPassword entry of another user (with a cleartext
PW), formerly created with an LDIF file, had no visible
effect on the database either.

How does this ldappasswd tool work? (examples with "before" and "after"
snapshots of the database available?)
Do I need to have already encrypted passwords, or is it possible to enter
cleartext passwords that are encrypted and stored to the DB on the fly?
If the password is stored invisibly, how do I check whether the password is
stored correctly, e.g. by logging into the DB as this user and trying to
edit my own record (can LDAP be set up to allow this for a user if he/she
supplied the correct credentials, and how)?

Thanks for any suggestions,
     Kai




This archive was generated by hypermail 2.0b3 on Mon Oct 25 1999 - 01:22:26 PDT